chore: Add SECURITY policy that conforms with OSSF requirements (#825)

---------

Co-authored-by: George L. Yermulnik <[email protected]>

Author: MaxymVlasov

.github/SECURITY.md

@@ -0,0 +1,22 @@
+# Reporting a Vulnerability
+
+If you believe you have discovered a potential security vulnerability in this project, please report it securely. **Do not create a public GitHub issue for any security concerns.**
+
+## How to Report
+
+Send an email with a detailed description of the vulnerability, including any evidence of the disclosure, the impact, and any timelines related to the issue to: [[email protected]](mailto:[email protected])
+
+## Vulnerability Disclosure Process
+
+- **Confidential Disclosure:** All vulnerability reports will be kept confidential until a fix is developed and verified.
+- **Assessment and Response:** We aim to acknowledge any valid report within 15 business days.
+- **Timelines:** After verification, we plan to have a coordinated disclosure within 60 days, though this may vary depending on the complexity of the fix.
+- **Communication:** We will work directly with the vulnerability reporter to clarify details, answer questions, and discuss potential mitigations.
+- **Updates:** We may provide periodic updates on the progress of the remediation of the reported vulnerability.
+
+## Guidelines
+
+- **Vulnerability Definition:** A vulnerability is any flaw or weakness in this project that can be exploited to compromise system security.
+- **Disclosure Expectations:** When you report a vulnerability, please include as much detail as possible to allow us to assess its validity and scope without exposing sensitive information publicly.
+
+By following this process, you help us improve the security of our project while protecting users and maintainers. We appreciate your efforts to responsibly disclose vulnerabilities.